Skip to content

add push input and rename registry output to image #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
crazy-max merged 1 commit into from
Nov 16, 2025
Merged

add push input and rename registry output to image #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 26 additions & 13 deletions .github/workflows/.test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
cache: true
meta-images: |
public.ecr.aws/q3b5f1u4/test-docker-action
Expand Down Expand Up @@ -59,7 +60,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
cache: true
cache-scope: build-aws
meta-images: |
Expand Down Expand Up @@ -95,7 +97,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
meta-images: ghcr.io/docker/github-builder-test
meta-tags: |
type=raw,value=build-${{ github.run_id }}
Expand Down Expand Up @@ -128,7 +131,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
meta-images: registry-1-stage.docker.io/docker/github-builder-test
meta-tags: |
type=raw,value=build-${{ github.run_id }}
Expand Down Expand Up @@ -161,7 +165,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
meta-images: registry-1-stage.docker.io/docker/github-builder-test
meta-tags: |
type=raw,value=${{ github.run_id }},prefix=oidc-
Expand Down Expand Up @@ -195,7 +200,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
meta-images: |
ghcr.io/docker/github-builder-test
public.ecr.aws/q3b5f1u4/test-docker-action
Expand Down Expand Up @@ -236,7 +242,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
output: local
push: ${{ github.event_name != 'pull_request' }}
artifact-name: build-output
build-file: test/hello.Dockerfile
build-sbom: true
Expand All @@ -257,7 +264,8 @@ jobs:
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
output: local
push: ${{ github.event_name != 'pull_request' }}
artifact-name: build-output-single
build-file: test/hello.Dockerfile
build-sbom: true
Expand All @@ -279,7 +287,8 @@ jobs:
with:
context: test
target: hello
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
cache: true
cache-scope: bake-aws
meta-images: |
Expand Down Expand Up @@ -315,7 +324,8 @@ jobs:
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
cache: true
cache-scope: bake-aws
meta-images: |
Expand Down Expand Up @@ -351,7 +361,8 @@ jobs:
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
output: image
push: ${{ github.event_name != 'pull_request' }}
cache: true
cache-scope: bake-aws
meta-images: |
Expand Down Expand Up @@ -394,7 +405,8 @@ jobs:
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
output: local
push: ${{ github.event_name != 'pull_request' }}
cache: true
artifact-name: bake-output
bake-sbom: true
Expand All @@ -416,7 +428,8 @@ jobs:
with:
context: test
target: hello
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
output: local
push: ${{ github.event_name != 'pull_request' }}
cache: true
artifact-name: bake-output-single
bake-sbom: true
Expand Down
42 changes: 22 additions & 20 deletions .github/workflows/bake.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,8 @@ on:
default: default
output:
type: string
description: "Build output destination (one of cacheonly, registry, local)"
default: 'cacheonly'
required: false
description: "Build output destination (image or local)"
required: true
artifact-name:
type: string
description: "Name of the uploaded artifact (for local output)"
Expand All @@ -31,6 +30,11 @@ on:
type: string
description: "Environment variables to set"
required: false
push:
type: boolean
description: "Push image to the registry (for image output) and/or sign attestation manifests or local artifacts"
required: false
default: false
cache:
type: boolean
description: "Enable cache to GitHub Actions cache backend"
Expand Down Expand Up @@ -314,7 +318,7 @@ jobs:
-
name: Docker meta
id: meta
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.output == 'image' }}
uses: docker/metadata-action@v5
with:
images: ${{ inputs.meta-images }}
Expand Down Expand Up @@ -345,6 +349,7 @@ jobs:
INPUT_CONTEXT: ${{ inputs.context }}
INPUT_TARGET: ${{ inputs.target }}
INPUT_OUTPUT: ${{ inputs.output }}
INPUT_PUSH: ${{ inputs.push }}
INPUT_CACHE: ${{ inputs.cache }}
INPUT_CACHE-SCOPE: ${{ inputs.cache-scope }}
INPUT_CACHE-MODE: ${{ inputs.cache-mode }}
Expand Down Expand Up @@ -375,6 +380,7 @@ jobs:
const inpContext = core.getInput('context');
const inpTarget = core.getInput('target');
const inpOutput = core.getInput('output');
const inpPush = core.getBooleanInput('push');
const inpCache = core.getBooleanInput('cache');
const inpCacheScope = core.getInput('cache-scope');
const inpCacheMode = core.getInput('cache-mode');
Expand Down Expand Up @@ -441,14 +447,11 @@ jobs:

let outputOverride = '';
switch (inpOutput) {
case 'cacheonly':
outputOverride = '*.output=type=cacheonly';
break;
case 'registry':
case 'image':
if (inpMetaImages.length == 0) {
core.setFailed('meta-images is required when output is registry');
core.setFailed('meta-images is required when output is image');
}
outputOverride = `*.output=type=registry,"name=${inpMetaImages.join(',')}",oci-artifact=true,push-by-digest=true,name-canonical=true`;
outputOverride = `*.output=type=image,"name=${inpMetaImages.join(',')}",oci-artifact=true,push-by-digest=true,name-canonical=true,push=${inpPush}`;
break;
case 'local':
outputOverride = `*.output=type=local,platform-split=true,dest=${inpLocalExportDir}`;
Expand All @@ -472,7 +475,7 @@ jobs:
});
-
name: Login to registry
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.push && inputs.output == 'image' }}
# TODO: switch to docker/login-action when OIDC is supported
uses: crazy-max/docker-login-action@dockerhub-oidc
with:
Expand All @@ -495,7 +498,7 @@ jobs:
-
name: Get image digest
id: get-image-digest
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.output == 'image' }}
uses: actions/github-script@v8
env:
INPUT_TARGET: ${{ steps.prepare.outputs.target }}
Expand All @@ -509,7 +512,7 @@ jobs:
core.setOutput('digest', imageDigest);
-
name: Install Cosign
if: ${{ inputs.output != 'cacheonly' }}
if: ${{ inputs.push }}
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ env.COSIGN_VERSION }}
Expand All @@ -527,7 +530,7 @@ jobs:
-
name: Signing attestation manifests
id: signing-attestation-manifests
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.push && inputs.output == 'image' }}
uses: actions/github-script@v8
env:
INPUT_IMAGE-NAMES: ${{ inputs.meta-images }}
Expand Down Expand Up @@ -562,7 +565,7 @@ jobs:
-
name: Signing local artifacts
id: signing-local-artifacts
if: ${{ inputs.output == 'local' }}
if: ${{ inputs.push && inputs.output == 'local' }}
uses: actions/github-script@v8
env:
INPUT_LOCAL-OUTPUT-DIR: ${{ env.LOCAL_EXPORT_DIR }}
Expand Down Expand Up @@ -646,7 +649,7 @@ jobs:
-
name: Docker meta
id: meta
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.output == 'image' }}
uses: docker/metadata-action@v5
with:
images: ${{ inputs.meta-images }}
Expand All @@ -657,21 +660,21 @@ jobs:
bake-target: ${{ inputs.meta-bake-target }}
-
name: Login to registry
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.push && inputs.output == 'image' }}
# TODO: switch to docker/login-action when OIDC is supported
uses: crazy-max/docker-login-action@dockerhub-oidc
with:
registry-auth: ${{ secrets.registry-auths }}
-
name: Set up Docker Buildx
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.push && inputs.output == 'image' }}
uses: docker/setup-buildx-action@v3
with:
version: latest
buildkitd-flags: --debug
-
name: Create manifest
if: ${{ inputs.output == 'registry' }}
if: ${{ inputs.push && inputs.output == 'image' }}
uses: actions/github-script@v8
env:
INPUT_IMAGE-NAMES: ${{ inputs.meta-images }}
Expand Down Expand Up @@ -713,7 +716,6 @@ jobs:
-
name: Set outputs
id: set
if: ${{ inputs.output != 'cacheonly' }}
uses: actions/github-script@v8
env:
INPUT_BUILD-OUTPUTS: ${{ toJSON(needs.build.outputs) }}
Expand Down
Loading